Behavioral Analysis of Transport Layer Based Hybrid Covert Channel

Koundinya, Anjan K; Abraham, Jibi

doi:10.1007/978-3-642-14478-3_9

Cited by 8 publications

(8 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This channel is termed as "Hybrid Covert Channel". A Hybrid Covert Channel [3] is a variant of covert channel that is homogeneous composition of two or more covert channel variants existing at same or different instance of time. Hybrid covert channel may not have strict composition.…”

Section: Fig 1 Covert Channel Visualizationmentioning

confidence: 99%

Exploration of covert schemes and their embodiments in Hybrid Covert channel Deep Insight into Covert Channel

Ank¹,

Abraham²,

Srinath³

et al. 2015

Second International Conference on Advances in Computing, Control and Networking - ACCN 2015

Self Cite

View full text Add to dashboard Cite

Covert channels is a vital setup in the analyzing the strength of security in a network. Covert Channel is illegitimate channeling over the secured channel and establishes a malicious conversation. The trapdoor set in such channels proliferates making covert channel sophisticated to detect their presence in network firewall. This is due to the intricate covert schemes that enable to build robust covert channel over the network. From an attacker's perspective this will ameliorate by placingmultiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of "Hybrid Covert Channel", where different covert channel trapdoors exist at the same instance of time in same layer of protocol stack. For detection agents to detect suchevent is complicated due to lack of knowledge over the different covert schemes. Exploring all the clandestine schemes used in formation of Hybrid Covert Channel would assist in understanding the complete search space of the covert possibilities and thereby improving the knowledgeof detection engine. This can be explored by different schemes available and their entropy impact on hybrid covert channel. The paper sets itself an objective to understand the different covert schemes and their usage in different trapdoors.

show abstract

Section: Fig 1 Covert Channel Visualizationmentioning

confidence: 99%

Exploration of covert schemes and their embodiments in Hybrid Covert channel Deep Insight into Covert Channel

Ank¹,

Abraham²,

Srinath³

et al. 2015

Second International Conference on Advances in Computing, Control and Networking - ACCN 2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…A hybrid covert channel as a combination of simple network covert channel in TCP and subliminal channel in SSL/TLS is given in [6,7]. Access-ControlAllow-Origin and ContentLocation header storage Dunkan et al [29] 2010…”

Section: Steganography In Transport Layermentioning

confidence: 99%

Covert channels in TCP/IP protocol stack - extended version-

Mileva

Panajotov

2014

Open Computer Science

View full text Add to dashboard Cite

We give a survey of different techniques for hiding data in several protocols from the TCP/IP protocol stack.Techniques are organized according to affected layer and protocol. For most of the covert channels its data bandwidth is given. IntroductionAn overt channel is a communication channel within a computer system or network, designed for the authorized transfer of data. A covert channel (first introduced by Lampson [62]), on the other hand, is any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy [26]. Any shared resource can potentially be used as a covert channel. Covert channels can be divided primarily in storage and timing channels. In a case of the storage channels, usually one process writes (directly or indirectly) to a shared resource, while another process reads from it. Timing channel is essentially any technique that conveys information by the timing of events, in which case the receiving process needs a clock. Special timing covert channel is counting channel which carries data by counting the occurrences of certain events [44].Additionally, timing channels can be active if they generate additional traffic or passive if they manipulate the timing of existing traffic. As any other communication channel, covert channel can be noisy or noiseless.According to the number of information flows between the sender and the receiver -several or one, there are aggregated and non-aggregated covert channels [36]. According to the presence or absence of the intermediate node in the communication, covert channels can be indirect or direct. Payload tunnel is a covert channel, where one protocol is tunnelled in the payload of the other protocol. Covert channels are studied as a part of the science * E-mail: aleksandra.mileva@ugd.edu.mk † E-mail: boris.panajotov@ugd.edu.mk steganography, and different steganographic methods used in telecommunication networks are known as network steganography.The adversary model is based on the Simmons prisoner problem [105]: two parties want to communicate confidentially and undetected over an insecure channel, the warden. The warden can be passive -which monitor traffic and report when some unauthorized traffic is detected, or active -which can modify the content of the messages with the purpose of eliminating any form of hidden communication. Simmons introduced the term subliminal channel, a variant of covert channel which uses cryptographic algorithm or protocol for hiding messages. A composition of covert channel with subliminal channel is the hybrid channel.Covert channels can be analysed by the total number of steganogram bits transmitted during a second (Raw Bit Rate -RBR), or by the total number of steganogram bits transmitted per PDU (for example, Packet Raw BitRate-PRBR) [78]. In ideal case, if no packets are lost, capacity of some storage channels can be expressed as Steganography in Internet layerInternet Protocol (IP) is the primary protocol in the TCP/IP protocol stack, ...

show abstract

“…As theoretically explained in [5] a covert sender can place his covert data in covert vulnerable fields like sequence number, Flags, Ack, options, padding and reserved. Since simple network covert channel is being constructed in this work, focus is on sequence number, padding and flags fields.…”

Section: ) Designing Simple Network Covert Channel In Tcpmentioning

confidence: 99%

“…Transmission mode is many times found to be synchronous but can also be asynchronous. A broad classification of the covert channels is described in [5].…”

Section: Introductionmentioning

confidence: 99%

Design of Transport Layer Based Hybrid Covert Channel Detection Engine

Anjan¹,

Abraham²,

Jadhav³

2010

IJASUC

Self Cite

View full text Add to dashboard Cite

Computer network is unpredictable due to information warfare and is prone to various attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such attacks are devised using special communication channel called "Covert Channel". The word "Covert" stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within legitimate network communication that clearly violates security policies laid down. The non-transparency in covert channel is also referred to as trapdoor. A trapdoor is unintended design within legitimate communication whose motto is to leak information. Subliminal channel, a variant of covert channel works similarly except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with subliminal channel is the "Hybrid Covert Channel". Hybrid covert channel is homogenous or heterogeneous mixture of two or more variants of covert channels either active at same instance or at different instances of time. Detecting such malicious channel activity plays a vital role in removing threat to the legitimate network. In this paper, we present a study of multi-trapdoor covert channels and introduce design of a new detection engine for hybrid covert channel in transport layer visualized in TCP and SSL.Comment: 8 pages, 4 figures, Journa

show abstract

Behavioral Analysis of Transport Layer Based Hybrid Covert Channel

Cited by 8 publications

References 4 publications

Exploration of covert schemes and their embodiments in Hybrid Covert channel Deep Insight into Covert Channel

Exploration of covert schemes and their embodiments in Hybrid Covert channel Deep Insight into Covert Channel

Covert channels in TCP/IP protocol stack - extended version-

Design of Transport Layer Based Hybrid Covert Channel Detection Engine

Contact Info

Product

Resources

About